
Root flash_image

AndyOpie150

As I was wandering thru the system files I couldn't help but notice the lack of the flash_image file.

Maybe things have changed in three years and it's named something else, but if any recovery, ROM, Gapps, script tweaks, etc. is going to eventually be flashed to phone, shouldn't there be a flash_image somewhere?
 
Thanks. I kind of figured there might be a leap in tech from the V to the L70.
 
yea a lot has changed since then :)

now everyone for the modding community uses DD, either way this device has a locked bootloader so there won't be any flashing of recoveries here :(
 
Yep, I feel like I built this recovery for nothing since I can't get 2nd init figured out lol. Chances are, I will probably never be able to test it to see if it works :p
 
The ZV4 Optimus V had an unlocked bootloader. The ZV5 was locked, but a custom recovery was still able to be flashed.

Are the partitions set up differently in this OS?

Just because the bootloader is locked, doesn't necessarily mean a custom recovery can't be flashed.
The fact that I can see the recovery for a couple of seconds gives me some hope to a solution. I do like a challenge.
 
If you like a challenge then you could always try figuring out a workaround for the locked bootloader (safestrap, 2nd init). I will tell you right now though, if you hate frustration, then don't mess with it lol. I have been at this for weeks and still haven't made much progress. I manually executed the 2nd init binary to see if it was the problem with the whole 2nd init deal and the error leads me to think it is: 2nd-init binary - Pastebin.com

You will also need to edit the AndroidManifest.xml in the .apk to allow it to install on 4.4 devices. All I can tell you is good luck :)
 
lg has had a locked bootloader on all devices they make since they have been shipping devices with ICS, any devices that got upgraded like the spectrum gained a new locked bootloader. some have been lucky and had hacks worked out by flashing similar devices or older bootloaders but that was on older devices that were compatible. no such luck here, the only currently known lg bootloader exploit got patched in 4.4. you can use stock recovery all you want, if you change the partition when aboot loads up it sig checks the hash of the partition and sees if it is still signed by lg, if that check fails then it fails to boot.

i could make a perfectly working cwm for you guys to use, but as soon as you put it on your phone it will stop booting up.
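
A minimal model of the hash-and-signature check described in the post above, added here as an illustration and not taken from the thread or from LG's bootloader. The toy RSA key, the image bytes and every function name are constructed assumptions; the real aboot format and key do not appear on this page.

```python
import hashlib

# Constructed toy RSA key built from two Mersenne primes: insecure, demo only.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                  # public key: the only part a boot stage holds
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent: stays with the vendor
K = (N.bit_length() + 7) // 8        # modulus length in bytes

# ASN.1 DigestInfo prefix for SHA-256 (PKCS#1 v1.5)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def encode_digest(image: bytes) -> int:
    """EMSA-PKCS1-v1_5: 00 01 FF..FF 00 || DigestInfo || SHA-256(image)."""
    t = SHA256_PREFIX + hashlib.sha256(image).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")

def vendor_sign(image: bytes) -> int:
    """Signing step, possible only with the private exponent D."""
    return pow(encode_digest(image), D, N)

def bootloader_verify(image: bytes, signature: int) -> bool:
    """Verification step: recompute the hash and compare the whole encoded
    block, rather than parsing the padding, so malformed padding cannot pass."""
    if not 0 <= signature < N:
        return False
    return pow(signature, E, N) == encode_digest(image)

def boot(image: bytes, signature: int) -> str:
    return "boot" if bootloader_verify(image, signature) else "refuse to boot"

# Constructed sample partitions
STOCK = b"constructed stock recovery image"
SIG = vendor_sign(STOCK)
MODIFIED = b"constructed custom recovery image"

if __name__ == "__main__":
    print(boot(STOCK, SIG))      # unmodified partition with the vendor signature
    print(boot(MODIFIED, SIG))   # changed partition, old signature no longer matches
```

Any change to the partition changes its hash, so the stored signature stops matching and a new one cannot be produced without the private key.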
 
So we need to figure out how to disable the signature check. If someone put it in, someone can take it out, right. Just need to find it in the ROM files, right?
 
it's in the bootloader, I'll give you the best way possible.

1) Go to https://www.hex-rays.com/products/ida/support/orderforms/namedworld.pdf and buy the arm version of IDA, it starts at about 2300 for a single user, don't bother trying to use a cracked copy, there aren't any that will work for what you need.
2) Disassemble aboot partition and reverse it
3) Figure out where in the is their signing key that they use to check the recovery/kernel partitions
4) Generate your own and sign your recovery/kernel with it
5) Swap out the signing key in the disassembled aboot.img and then reassemble it
6) Re-sign your aboot with LG's private key so that the low level boot code will accept it.

That's about the only way you are gunna "crack" it. a far better and more possible way is using IDA to find an exploit in the bootloader kind of like how loki was done. the last person to publish a big trustzone exploit like that for android was dan publishing loki over a year ago.

Sorry if I'm a bit harsh on the reality of the situation, but as crappy as LG's security is in comparison to other OEMs, no one does stuff like that as it would be such an overlook that would get someone fired.
 